Applies To: WatchGuard Patch Management
In some cases, WatchGuard Patch Management cannot get a download URL to install a patch automatically. This can occur when a patch requires payment, is not a publicly available patch, or requires user registration to download. For these patches, you can download the patch manually and add it to the patch repository on a WatchGuard Endpoint Security cache computer, so computers can install it. To manually add a patch to the repository, you must have the download URL of the patch. For more information, go to Configure the Cache Computer List Manually.
Linux computers use the distribution package manager to download patches from the Internet. They cannot download patches from a cache computers you specify in WatchGuard Endpoint Security.
To install patches that require manual download, follow these steps:
- Identify patches that you must manually download.
- Get the patch download URL from the vendor and download the patch.
- Add the downloaded patch to the patch repository.
- Mark the patch as manually downloaded and available to install.
Create a query to generate a list of patches that require manual download.
To identify patches that require manual download:
- In WatchGuard Cloud, select Monitor > Endpoints.
- Select Status.
- From the left pane, in the My Lists section, click Add.
- Click Available Patches.
- Enter a name for the list.
- In the Installation section, configure these filters:
- Requires Manual Download — Selected
- Show Non-downloadable Patches — Yes
- Click Launch Query.
The list shows all patches that computers on the network require which Patch Management cannot download automatically.
When a patch cannot download automatically, Patch Management provides a link to manually download the patch.
To get the download URL and download the patch:
- In the Available Patches list, click a patch that requires manual download.
The Patch Detected details page opens and shows details of the patch.
- Note the file name shown in the Patch Details section.
- To download the patch, click the Download URL link.
The patch downloads.
After you download the patch file, you must copy it to the WatchGuard Endpoint Security program folder.
Patches can be downloaded from cache computers and the Internet. Patches cannot be downloaded through an Endpoint Security proxy.
To add the downloaded patch to the patch repository:
- Identify a computer on the network that has WatchGuard Endpoint Security installed and has the cache role.
- Copy the downloaded file to this path on the cache computer:
C:\ProgramData\PandaSecurity\Panda Aether Agent\Repository\ManuallyDeploy
If you installed WatchGuard Endpoint Security on a computer drive that differs from the default installation drive, copy the file to X:\PandaSecurity\Panda Aether Agent\Repository\ManuallyDeploy, where X is the drive where the repository is located.
- If the ManuallyDeploy folder does not exist, create it with read and write administrator permissions.
- If needed, rename the downloaded file to match the File Name you noted in the Get the Download URL and Download the Patch section.
After you copy the patch to the repository, you can mark the patch as manually downloaded from the Available Patches list.
After you mark a patch as manually downloaded, its status changes from Requires Manual Download to Pending (manually downloaded) for all computers that need to install it and the patch can be installed like an automatically downloaded patch. For more information, see Install Patches.
Patch Management does not check if there are patches with the Pending (manually downloaded) status on cache computers, or whether computers on the network that require a patch have a cache computer assigned that has the patch in its repository. You must make sure that cache computers used for patch downloads have all necessary manually downloaded files in the ManuallyDeploy folder.
To mark a patch as manually downloaded:
- In the Available Patches list, select the check box in the rows of any patches you want to mark as manually downloaded.
- On the toolbar, click Mark as Manually Downloaded.
Disable a Manually Downloaded Patch for Installation
If you no longer want a manually downloaded patch to be available to install, you can disable the patch for installation.
To disable a manually downloaded patch for installation:
- In the Available Patches list, click Filters.
- In the Installation section, select the Pending (Manually Downloaded) check box.
- From the Show Non-downloadable Patches drop-down list, select Yes.
- Click Filter.
The list shows all patches manually downloaded and enabled for installation.
- Select the check box in the rows of any patches you want to disable installation for.
- In the toolbar, click Mark as ‘Requires manual download’.
The patch is removed from the repository of installable patches, and you cannot install it.